java - Forbidden error when I access HTTP and HTTPS URLs -


i have website (liferay portal 6.1 , tomcat 7.0) having http , https url below.

i follow below steps , getting forbidden error:

  1. i fill form details in 2nd url.
  2. before submitting form open 1st url in new tab.
  3. then if come 1st url , submit found forbidden error.

i checked jsessionid @ both tabs, ids same. may issue? idea guys?

it's not worth investing time in making http/https mixed mode work (in opinion). bite bullet , go https always. if you'd fix this issue now, chances you'll run more issues later, eating more of time. , when run other issues, they're highly security sensitive.

do favor - unconditionally redirect http traffic https. it's 2016, there's nothing unusual more.

edit after comment: especially if it's old system (by way, obvious when mentioned liferay 6.1. assuming you're using ce, it's long out of updates): configure use of https anywhere can hands on. unconditionally add hsts header take care of rest. no need touch ancient logic. e.g. set

web.server.protocol=https 

in portal-ext.properties. add hsts header apache httpd unconditionally (assuming have apache httpd, otherwise use this liferay app yours truly).


Comments